Is it Time for a Security Spring Cleaning?

    Spring is here and it is a perfect time for a fresh look at your company’s online and offline security practices.  Security is a hot topic these days after a cold winter that featured numerous high-profile security breaches.  Many believe that increased regulation is not far away.  This means that other industries may become subject to regulation similar to that of the healthcare (e.g., HIPAA) and financial services (e.g., Gramm-Leach-Bliley) industries.  It may also mean that the FTC may increase its enforcement activity.

    Forrester Research has some good tips for Spring:

    "Establish your incident disclosure policy. Do not get caught off guard when a breach of personal information is identified. Organizations should establish their disclosure policies before anything happens so they know when and how they will disclose breaches of personal information in compliance with laws and to minimize liability.

    Review your privacy policy. Make sure that your privacy policy is up-to-date and that you are following it. Claims of security and privacy that are false or misleading can open wide the doors of liability.

    Document your security architecture. Understand how you are securing your systems - from both the process and technology views. Security is not just about firewalls, but it also needs to cover the security of business processes and the awareness of individuals. A well-documented security architecture goes a long way in understanding how well your security is holding up.

    Classify personal information. Organizations should update their classification policies to include personal and nonpublic information. Minimum security controls - again, policy and process as well as technical controls - should be defined to protect personal information."

    Put aside some time this week to take your CIO to lunch or for coffee.  If you don’t have a CIO, touch base with your MIS department.  They’ll be happy that you’re not bugging them to remove "Talking Moose" adware from your computer.
